Complete the code to create a service account using gcloud CLI.
gcloud iam service-accounts create [1] --display-name="My App Service Account"
The command creates a new service account named my-app-sa. This name is unique and descriptive for the application.
Complete the code to assign the 'roles/storage.objectViewer' role to the service account.
gcloud projects add-iam-policy-binding my-project --member="serviceAccount:[1]@my-project.iam.gserviceaccount.com" --role="roles/storage.objectViewer"
The service account my-app-sa is granted the role to view storage objects, which is a common permission for applications accessing Cloud Storage.
Fix the error in the command to activate the service account key file.
gcloud auth activate-service-account [1] --key-file=key.jsonThe full email of the service account must be used to activate it, not just the name.
Fill both blanks to create a JSON key for the service account and save it to a file.
gcloud iam service-accounts keys create [1] --iam-account=[2]
The key file is saved as key.json and is created for the correct service account email.
Fill all three blanks to set the environment variable for application authentication.
export GOOGLE_APPLICATION_CREDENTIALS=[1] && gcloud auth activate-service-account [2] --key-file=[3]
The environment variable points to the key file key.json, and the service account is activated using the same key file and full email.